<?php defined('SYSPATH') or die('No direct script access.');

class Controller_Layout extends Controller
{

	// Controls access for the whole controller, if not set to FALSE we will only allow user roles specified
	// Can be set to a string or an array, for example 'login' or array('login', 'admin')
	// Note that in second(array) example, user must have both 'login' AND 'admin' roles set in database
	public $auth_required = FALSE;

	// Controls access for separate actions
	// 'adminpanel' => 'admin' will only allow users with the role admin to access action_adminpanel
	// 'moderatorpanel' => array('login', 'moderator') will only allow users with the roles login and moderator to access action_moderatorpanel
	public $secure_actions = FALSE;
	
	protected $_config = array(
	'hash_method'  => 'sha1',
	'salt_pattern' => '1, 3, 5, 9, 14, 15, 20, 21, 28, 30',
	'session_key'  => 'auth_user',);

	public $tab_list = array(
		'supplierCategory'  => array('controller_name' =>'boSupplierCategory','display_name' =>'类别管理','default_page' =>'supplier_category_page','view_tab' =>'supplierCategory','tab_order' => 1),
		'member'  => array('controller_name' =>'boMember','display_name' =>'会员管理','default_page' =>'member/member_page','view_tab' =>'member','tab_order' => 2),
		'supplier'  => array('controller_name' =>'boSupplier','display_name' =>'商家管理','default_page' =>'supplier_page','view_tab' =>'supplier','tab_order' => 3),
		'ads'  => array('controller_name' =>'boAds','display_name' =>'广告管理','default_page' =>'ads_page','view_tab' =>'ads','tab_order' => 4),
		'coupon'  => array('controller_name' =>'boCoupon','display_name' =>'优惠券管理','default_page' =>'coupon/coupon_page','view_tab' =>'coupon','tab_order' => 5),
		'feedback'  => array('controller_name' =>'boFeedback','display_name' =>'信息管理','default_page' =>'feedback/feedback_page','view_tab' =>'feedback','tab_order' => 6),
		'report'  => array('controller_name' =>'boReport','display_name' =>'报表管理','default_page' =>'report/report_page','view_tab' =>'report','tab_order' => 7),
	);
	
    public function __construct($request)
	{
		// Clean up the salt pattern and split it into an array
		$this->_config['salt_pattern'] = preg_split('/,\s*/', $this->_config['salt_pattern']);
		parent::__construct($request);
	}

	/**
	 * The before() method is called before your controller action.
	 * In our template controller we override this method so that we can
	 * set up default values. These variables are then available to our
	 * controllers if they need to be modified.
	 */
	public function before()
	{
		parent::before();

		#Open session
		$this->session= Session::instance();

		#Check user auth and role
		$action_name = Request::instance()->action;
		if ($this->auth_required && $action_name!='login')
		{
			if (!$this->logged_in()){
				Request::instance()->redirect('boadmin/login');
//                $msg = "你没有登录或者登录超时，请重新登录";
//                $this->gotopage($msg,'boAdmin/login');
			}
		}
	}

	/**
	 * The after() method is called after your controller action.
	 * In our template controller we override this method so that we can
	 * make any last minute modifications to the template before anything
	 * is rendered.
	 */
	public function after()
	{
		parent::after();
	}
	
	function logged_in () {
		
	    return FALSE !== $this->get_user();
	}
	
	public function get_user()
	{
		return $this->session->get($this->_config['session_key'], FALSE);
	}
	
    public function gotopage($msg,$url){
   		$view = View::factory('pages/bo/msg');
		$view->expire_time = 5;
		$view->redirectUrl = $url;
		$view->message = $msg;
		$this->request->response = $view;
    }
    
    public function hash($str)
	{
		return hash($this->_config['hash_method'], $str);
	}
	
    /**
	 * Creates a hashed password from a plaintext password, inserting salt
	 * based on the configured salt pattern.
	 *
	 * @param   string  plaintext password
	 * @return  string  hashed password string
	 */
	public function hash_password($password, $salt = FALSE)
	{
		if ($salt === FALSE)
		{
			// Create a salt seed, same length as the number of offsets in the pattern
			$salt = substr($this->hash(uniqid(NULL, TRUE)), 0, count($this->_config['salt_pattern']));
		}
		// Password hash that the salt will be inserted into
		$hash = $this->hash($salt.$password);

		// Change salt to an array
		$salt = str_split($salt, 1);

		// Returned password
		$password = '';

		// Used to calculate the length of splits
		$last_offset = 0;

		foreach ($this->_config['salt_pattern'] as $offset)
		{
			// Split a new part of the hash off
			$part = substr($hash, 0, $offset - $last_offset);

			// Cut the current part out of the hash
			$hash = substr($hash, $offset - $last_offset);

			// Add the part to the password, appending the salt character
			$password .= $part.array_shift($salt);

			// Set the last offset to the current offset
			$last_offset = $offset;
		}

		// Return the password, with the remaining hash appended
		return $password.$hash;
	}
	
    /**
	 * Finds the salt from a password, based on the configured salt pattern.
	 *
	 * @param   string  hashed password
	 * @return  string
	 */
	public function find_salt($password)
	{
		$salt = '';

		foreach ($this->_config['salt_pattern'] as $i => $offset)
		{
			// Find salt characters, take a good long look...
			$salt .= substr($password, $offset + $i, 1);
		}

		return $salt;
	}
}
